[nautilus] clipboard: Prevent crash when selection data is empty

[Ernestas Kulik <ernestask src gnome org>]

commit be53569b339b4494647758a9afa0fdd30184455b
Author: Ernestas Kulik <ernestask gnome org>
Date:   Thu Aug 2 22:29:03 2018 +0300

    clipboard: Prevent crash when selection data is empty
    
    Somehow, magically, it can happen that the clipboard contains an empty
    string, which wreaks havoc in convert_selection_data_to_str_list(),
    since the loop counter goes from 0 to the number of lines in the data
    string minus one. This commit adds a check for the number of lines and
    returns early. Additionally, this introduces automatic cleanup for a
    variable and fixes mismatched types.

 src/nautilus-clipboard.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)
---
diff --git a/src/nautilus-clipboard.c b/src/nautilus-clipboard.c
index 752ff131f..2a77cf28f 100644
--- a/src/nautilus-clipboard.c
+++ b/src/nautilus-clipboard.c
@@ -42,23 +42,29 @@ typedef struct
 static GList *
 convert_selection_data_to_str_list (const gchar *data)
 {
-    int i;
+    g_auto (GStrv) lines;
+    guint number_of_lines;
     GList *result;
-    size_t number_of_lines;
-    gchar **lines;
 
     lines = g_strsplit (data, "\n", 0);
-    result = NULL;
     number_of_lines = g_strv_length (lines);
+    if (number_of_lines == 0)
+    {
+        /* An empty string will result in g_strsplit() returning an empty
+         * array, so, naturally, 0 - 1 = UINT32_MAX and we read all sorts
+         * of invalid memory.
+         */
+        return NULL;
+    }
+    result = NULL;
+
     /* Also, this skips the last line, since it would be an
      * empty string from the split */
-    for (i = 0; i < number_of_lines - 1; i++)
+    for (guint i = 0; i < number_of_lines - 1; i++)
     {
         result = g_list_prepend (result, g_strdup (lines[i]));
     }
 
-    g_strfreev (lines);
-
     return g_list_reverse (result);
 }